Introduction
At IBM, work is more than a job – it’s a calling: To build. To design. To code. To consult. To think along with clients. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you’ve never thought possible. Are you ready to lead in this new era of technology and solve some of the world’s most challenging problems? If so, let’s talk.

Your Role and Responsibilities
The Cloud Risk & Client Excellence Specialist provides support for those looking to take a risk-centric approach to their digital transformation for application modernization to cloud. This role also helps clients and internal IBM partners to understand key security issues, risks, exposures, and helps develop approach to meet business needs. Key areas of responsibility include:
FS Cloud Platform & Risk Office Program

• Conduct control mapping assessments and produce formal reports showing how the IBM Cloud Framework for Financial Services control requirements compare to key industry and regulatory standards/requirements, as well as financial institutions’ (FIs) internal control frameworks
• Hold discussions with internal stakeholders and clients on an ‘as needed’ basis to walk them through the results of various mapping assessments
• Support effectiveness and continuous enhancement of the FS Controls Framework and associated methodology by identifying/documenting additional requirements, based on the outcome of controls mapping efforts, that further drives the security and risk architecture
• Work with client and service partner account teams to support risk and controls tracks focused on winning clients
• Coordinate with the IBM Cloud BISO, Compliance teams, Offering Management, and strategic partners in confirming completeness and on-going enhancements of the FS Controls Framework
• Provide subject matter expertise to strengthen controls design and implementation effectiveness
• Partner with IBM Cloud Service/Software, IBM Cloud BISO, Infrastructure, and ISV Ecosystem teams to complete risk evaluations enabling FS Validation approvals for IBM Cloud Services/Software, MZRs, and ecosystem partners (ISVs)
• As part of risk assessments, identify risks, threats, vulnerabilities, potential anomalous flows and interactions, considering potential mitigating/compensating factors
• Develop internal and client-facing collateral providing insights and transparency into the FS Validation and risk assessment processes
• Develop new and enhance existing FS Risk Office program methodology/process documentation
• Oversee multiple in-flight assessments, ensuring program aims are delivered in a timely manner
• Maintain team’s Key Performance Indicators (KPIs) and Service Level Agreements (SLAs)

Client Excellence Program

• Help support teams managing the Financial Services Cloud Council and Forum community by sourcing and curating content (blogs, videos, podcasts, etc.) related to risk management in the financial services space
• Assist with researching and writing content that reflects in-depth knowledge of industry’s trends and company’s objectives
• Help support the teams managing the Client Advocacy, Cloud Executive Sponsor, and the FS Cloud Council programs

Required Technical and Professional Expertise

• Bachelor’s degree in cybersecurity, computer science, information systems, marketing, or related field
• 5+ years of cybersecurity, IT risk management, IT audit and/or compliance experience, particularly within the financial services sector
• Professional certification such as PMP, CISA, CISSP, CISM and CRISC
• Hands-on experience in risk management and/or compliance capacity addressing security & compliance matters for regulated clients
• Understanding of global financial services regulatory bodies that oversee technology and cybersecurity risk in the industry, e.g. FFIEC, FCS, RBI, EBA (DORA), APRA, OSFI, MAS, CMORG, ECUC, and EUCS
• Prior experience of proof reading/interpreting regulations along with ability to gauge possible associated risks
• Strong proficiency of multiple security, IT Compliance and auditing standards including but not limited to, NIST Cybersecurity Framework, NIST 800-53, COBIT, ISO 27001, CRI Profile, OWASP, ITILv3, and CSA
• Subject matter expertise in IT operations & security control domains such as application security, cloud security, container security, change management, disaster recovery, data center operations, information and network security
• Exceptional leadership, attention to detail, time management, facilitation and organizational skills including the ability to exercise influence with or without direct management responsibility
• Creativity and judgment to move between multiple projects within the business
• Excellent communication (verbal and written) and interpersonal skills, and an ability to effectively communicate with both business and technical teams, as well as clients (attention to detail crucial)
• Demonstrated discretion and independent judgment, especially in matters of significance to IBM and clients

Preferred Technical and Professional Expertise

• Master’s degree in cybersecurity, computer science, information systems, marketing or related field
• 8+ years of cybersecurity, IT risk management, IT audit and/or compliance experience, particularly within the financial services sector
• Strong content editing skills and attention to detail
• Experience with cloud transformation risk management journey
• Practical knowledge of security in application development, DevSecOps, and threat modelling